Giving users control over their groups

B

bryars

Hi,

I'm writing an application in .net and I want to provide a user the
ability to add users in and out of just two specific groups. Is this
possible? If it is then I can add a nice little front end in the
application to control the AD groups programatically.

Here's the scenario

The app uses these groups to manage SQL2005 Stored Procedure
permissions, as an example lets call them the

"Booking Application I can delete bookings delete invoices etc Group"

and the

"Booking Application I'm a normal user who has limited functionality
Group"

The scenario is the "Team Leader/Manager" of a booking application
should be able to move "team member" into and out of these groups. But
clearly shouldn't be able to move himself into the Doman Admin group
etc etc.

Regards,

Daniel
 
P

Paul Bergson

Create two groups one the group that you want for grouping your users (Call
this group_users) and a second that controls membership of group_users (Call
this group_jr_admins). Place the user(s) that you want to be able to manage
group_users in group_jr_admins. Go to the properties of group group_users,
select the security tab and add group_jr_admins and give them full control
over group_users. The only issue is group_jr_admins could delete the group
group_users since they have full control but this is the only drawback, you
could go into the advanced features and nail it down to specific security
attributes but for something this small I wouldn't worry about it.

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
 
B

bryars

Great Thank you!


Paul said:
Create two groups one the group that you want for grouping your users (Call
this group_users) and a second that controls membership of group_users (Call
this group_jr_admins). Place the user(s) that you want to be able to manage
group_users in group_jr_admins. Go to the properties of group group_users,
select the security tab and add group_jr_admins and give them full control
over group_users. The only issue is group_jr_admins could delete the group
group_users since they have full control but this is the only drawback, you
could go into the advanced features and nail it down to specific security
attributes but for something this small I wouldn't worry about it.

--
Paul Bergson
MCT, MCSE, MCSA, Security+, BS CSi
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Prevent some Domain Admin Account from creating USERS, Groups, OUs 2
Privelages for Local Security Group Management 2
Where to store a unique reference in an Appointment Item? 5
Assigning Groups 6
How can I display User groups and priviledges? 1
Auto exec on open or something else ? 1
Realation between Guests and Users groups 5
Remove Domain Admins ability from "Delegation Of Control" 5

Top